Our fault, no; your fault maybe
JP Morgan Chase got hacked big time recently, though by whom and for what purpose remains a mystery - at least publicly. (One of the many stories here.)
I haven't gotten my official notice about the incursion and the reassurances not to panic yet. No doubt it's in the mail.
What was in the mail was a statement with this notice from Chase:
Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank card, or if you don't exercise ordinary care (examples of not exercising ordinary care: if you keep your PIN with your card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transaction . . .
Translation - if your account gets accessed by a thief, we'll decide whether you were doing a good job protecting it before we decide whether we're liable or not. We promise we'll be reasonable about deciding whether you were reasonable . . .
Would it be reasonable to suggest it's time to update 40-year-old security methods with more secure cards and ATM machines? Nah . . .
According to that Bloomberg link above, by the way, it was an employee password that let the thiefs in. Hopefully it wasn't his or her birthday.
Incidentally, the Federal Trade Commission says personal liability for ATM theft is limited, as long as you quickly report the theft. Here's the link. The banksters haven't changed all the rules yet.